package com.wayne.security.provider;

import com.wayne.security.config.MyWebAuthenticationDetails;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;

public class MyAuthenticationProvider extends DaoAuthenticationProvider {
  @Override
  protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
    /*
        HttpServletRequest req = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
        String kaptcha = req.getParameter("kaptcha");
        String verify = (String)req.getSession().getAttribute("kaptcha");
        if (kaptcha ==null || verify == null || !kaptcha.equals(verify)) {
            throw new AuthenticationServiceException("验证码错误");
        }
    */
    if (!((MyWebAuthenticationDetails) authentication.getDetails()).isPassed()) {
      throw new AuthenticationServiceException("验证码错误");
    }
    super.additionalAuthenticationChecks(userDetails, authentication);
  }
}
